The agency doesn't have a backup system in place if another outage happens, the watchdog said.
Unless Customs and Border Protection updates its system for screening people entering and leaving the country, it risks repeating an IT outage that left tens of thousands of passengers stranded in airports nationwide earlier in the year, according to an agency watchdog.
The Homeland Security Department Inspector General began auditing the Treasury Enforcement Communications System after it broke down in January and caused massive delays for international travelers passing through airport customs. Investigators found the system lacks the ability to be properly tested, maintained and monitored, and the agency doesn’t have a sufficient backup plan in place if the system fails.
“Until such deficiencies are addressed, CBP lacks a means to minimize the possibility and impact of similar system outages in the future,” the IG wrote in a report published Monday.
TECS is the main system CBP uses to check foreigners against watchlists as they come in and out of the U.S. Originally built in the 1980s, the antiquated system screens more than 900,000 visitors and roughly 465,000 vehicles every day.
On Jan. 2, an unusually large number of holiday travelers overwhelmed the system and caused it to shut down for about four hours. The outage struck airports in New York, Boston, Los Angeles and other major cities nationwide. In Miami alone, 109 flights and more than 13,000 passengers were delayed entering the country, according to the report.
CBP got the system running again by switching to an older version but without taking steps to update the TECS environment, investigators said the agency runs the risk of another outage.
The IG office made five recommendations for improving the system and preventing it from breaking down in the future, including more thorough software testing and more timely patching. Investigators also believe CPB should more closely monitor the system to spot potential problems and make it mandatory to take recovery action after the first hour of an outage.
CBP concurred with all the recommendations except improving communication regarding software vulnerabilities and patching, which the agency said was already sufficient and did not play a role in the January outage. The IG office still considers the issue unresolved.